<?php

class Db_user extends CI_Model {
	
	function Db_user()
	{
		parent::__construct();
	}
	
	function registerUser($newUser)
	{
		// take input from registration form and register user
		// send email for confirmation
		$fname = $newUser['fname'];
		$lname = $newUser['lname'];
		$org = $newUser['org'];
		$email = $newUser['email'];
		$saltA = $newUser['saltA'];
		$saltB = $newUser['saltB'];
		$pass = $newUser['pass'];
		$key = $newUser['key'];
		$mysql = "INSERT INTO oow_users VALUES (NULL, 1, '$email', '$pass', '$saltA', '$saltB', '$key', 0, '', '$fname', '$lname', '$org', '', '', '')";
		$query = $this->db->query($mysql);
		$mysql = "SELECT user_id FROM oow_users WHERE user_name = '$email'";
		$query = $this->db->query($mysql);
		if ($query->num_rows() > 0) {
			$row = $query->row();
			return $id = $row->user_id;
		}
	}
	
	function confirmUser($id, $key)
	{
		$mysql = "SELECT confirm_key FROM oow_users WHERE user_id = '$id'";
		$query = $this->db->query($mysql);
		if ($query->num_rows() > 0) {
			$row = $query->row();
			$db_key = $row->confirm_key;
		}
		if ($key == $db_key) {
			// the keys match, confirm the account
			$mysql = "UPDATE oow_users SET confirmed = 1 WHERE user_id = '$id'";
			$query = $this->db->query($mysql);
			return 1;
		} else {
			// the keys do not match, do not confirm the account
			return 0;
		}
	}
	
	function loginUser($user = '', $pass = '')
	{
		$mysql = "SELECT user_id, password, salt_a, salt_b, confirmed, user_role FROM oow_users WHERE user_name = '$user'";
		$query = $this->db->query($mysql);
		if ($query->num_rows() > 0) {
			$row = $query->row();
			$confirmed = $row->confirmed;
			if ($confirmed == 0) {
				return 'Please confirm your account to login.';
			} else {
				$db_pass = $row->password;
				$saltA = $row->salt_a;
				$saltB = $row->salt_b;
				$checkPw = hash("sha512", $saltB.$pass.$saltA);
				if ($checkPw == $db_pass) {
					$result['status'] = 1;
					$result['user_role'] = $row->user_role;
					$result['user_name'] = $user;
					$result['user_id'] = $row->user_id;
				} else {
					$result['status'] = 0;
					$result['message'] = 'Incorrect password. Please try again.';
				}
			}
		} else {
			$result['status'] = 0;
			$result['message'] = 'User does not exist. Please register.';
		}
		return $result;
	}
	
	function userExists($user)
	{
		$mysql = "SELECT user_id, first_name FROM oow_users WHERE user_name = '$user'";
		$query = $this->db->query($mysql);
		if ($query->num_rows() == 0) {
			return 0;
		} else {
			$row = $query->row();
			$info['id'] = $row->user_id;
			$info['name'] = $row->first_name;
			return $info;
		}
	}
	
	function setForgotKey($id, $key)
	{
		$mysql = "UPDATE oow_users SET forgot_key = '$key' WHERE user_id = '$id'";
		$query = $this->db->query($mysql);
	}
	
	function resetPass($id, $key)
	{
		$mysql = "SELECT forgot_key FROM oow_users WHERE user_id = '$id'";
		$query = $this->db->query($mysql);
		if ($query->num_rows() > 0) {
			$row = $query->row();
			$db_key = $row->forgot_key;
		}
		if ($key == $db_key) {
			// the keys match, confirm the account
			return 1;
		} else {
			// the keys do not match, do not confirm the account
			return 0;
		}
	}
	
	function updatePass($id, $newPass, $saltA, $saltB)
	{
		$mysql = "UPDATE oow_users SET password = '$newPass', salt_a = '$saltA', salt_b = '$saltB', forgot_key = '' WHERE user_id = '$id'";
		$query = $this->db->query($mysql);
	}

}

/* End of file db_user.php */
/* Location: roadrunner/models/db_user.php */
?>